bp nt!NtCreateFile "j poi(@$teb+20) = 0x544'';'gc'"
0x544 is the process id.
@$teb+20 get _CLIENT_ID offset
Tuesday, March 4, 2008
Subscribe to:
Post Comments (Atom)
bp nt!NtCreateFile "j poi(@$teb+20) = 0x544'';'gc'"
0x544 is the process id.
@$teb+20 get _CLIENT_ID offset
No comments:
Post a Comment